public inbox for [email protected]  
From: Akshat Jaimini <[email protected]>
To: Daniel Gustafsson <[email protected]>
To: [email protected]
To: Magnus Hagander <[email protected]>
Subject: Re: Permission to allow testing harness to send error reports for pgweb directly to mailing list.
Date: Fri, 6 Oct 2023 11:35:01 +0530
Message-ID: <CAMaW3VhQ-tfc6cHx=QxLgDsWHYFccZPz=JOq87frnkaANmPggw@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <CAMaW3VhRaUvSi_mR+_th7b=LQ3NZ-=Kg_aqTmAQpRXhC9zoDJg@mail.gmail.com>
	<CABUevEyiDjSY3iR6V-3EWqRmpgX490uVoxKWzCFXJUD5NOUvKQ@mail.gmail.com>
	<CAMaW3VgFmQH6Qz_5rE3mmGrSqNXk-0T0z_czufZOnMai2Yo61w@mail.gmail.com>
	<[email protected]>

> Publishing this report to a website would handle that I think.
I had sent a proposal/tried to start a discussion for this a few days
earlier:
https://www.postgresql.org/message-id/CAMaW3Vg%2BGoQ3JPNo%2BfbLk9ajQv%3D4g4J-bzSAH0OJL7S71_qMig%40ma...
It would actually make the reporting mechanism a lot easier if we can
publish the results to a website. I am currently working on a small
prototype in golang. Currently the reports are being stored as artifacts on
GitHub Actions (only available for 90 days) but we can use services like
Supabase etc. to store our reports and present them on the website. Once we
integrate Supabase we can get rid of GitHub artifacts for good.

> One question, would this test harness detect and report potential
> security issues like XSS?
Security-related tests were not added in the GSoC timeline but we are
planning to add them. Maybe when we add those tests we can create a
separate section on the proposed website only available to some 'admins'
with all these sensitive reports being displayed there.

We can actually benefit from some more discussion on this.

Regards,
Akshat Jaimini


On Thu, Oct 5, 2023 at 8:32 PM Daniel Gustafsson <[email protected]> wrote:

> > On 3 Oct 2023, at 21:30, Akshat Jaimini <[email protected]> wrote:
>
> > > That is, if it finds the same issue on a later run, it must not
> > > re-send the same thing. How does it work in regards to that today?
> >
> > As per the current flow whenever a new commit is pushed to the pgweb
> > repo, the tests are executed. If some tests fail, an error report is sent
> > with the information of all the failed tests. So if that particular issue
> > has been resolved, the same report won't be sent but if some other commit
> > is pushed without resolving that particular issue then that particular
> > error will be reported again.
>
> That doesn't seem terribly great, while bugs and errors should be fixed
> when found, sending reports of them repeatedly risks reporting-fatigue.
> Publishing this report to a website would handle that I think.
>
> One question, would this test harness detect and report potential security
> issues like XSS?  If so we should probably limit the audience of the
> report.
>
>
> --
> Daniel Gustafsson
>
>

